1. Slate Knowledge Base
  2. Admissions & Enrollment
  3. Users & Permissions
  4. User Access

Custom Permissions

Updated
Expand-All  Collapse-All

Custom permissions allow you to create and maintain your own list of permissions to assign to users, roles and objects. This offers a flexible layer of additional security beyond the standard and exclusive permissions within your Slate database. This article will outline how to create custom permissions, how to apply them to objects, and provide some examples to help understand how custom permissions can improve your database.

  Tip - Keep track of your custom permissions!

The nature of custom permissions allows them to be applied to many users, roles and objects simultaneously. We would advise creating and maintaining documentation to keep track of where custom permissions are applied, as this will make it easy to track them down and make changes in the future. An easy way to remember key data points is to ask yourself: What is it for, Where is it applied, and Who has access?

Creating A Custom Permission

1. Click Database in the top navigation bar and select User Permissions.

2. Select Custom Permissions from the navigation bar on the right.

3. Click on New Custom Permission.
4. Enter the following configurations in the popup window and hit Save once complete:
    • Status - Choose whether this custom permission will be active or inactive. By default, this will be set to Active.
    • Permission Type - Choose whether the custom permission is Exclusive or Non-exclusive. Exclusive permissions cannot be inherited through roles and must be granted explicitly to a user.
    • Name - Enter a name for your custom permission. We recommend an intuitive naming convention based on where you intend to apply your permissions within your database such as "Undergrad Reader" or "Financial Aid Tab Read Only."

 

Edit Custom Permissions

Applying Custom Permissions

Once your custom permission has been created, you are ready to apply it to objects within your database.

1. Navigate to your object and click on it.

2. In the popup menu, look for the permission settings dropdown. Depending on the object you have selected, this may have slightly different wording such as Read Permission, Custom Permission, Custom Read Permission, etc. 

3. Select your custom permission from the dropdown menu. Repeat if necessary for any other permissions dropdowns within this popup window.

4. Once all of your custom permissions have been set, click Save.

 Applying Custom Permissions screen

Assigning Custom Permissions

Now that your custom permission has been applied to your object, it's time to determine who will be granted access. 

1. Click Database in the top navigation bar and select User Permissions.
2. If your custom permission is set to be Non-exclusive, you may opt to include it within a role. To add your custom permission to a role:
    • Navigate to the roles tab on the right.
    • Select your role.
    • Within the popup window, scroll down to select your custom permission from the list at the bottom.
    • Click Save. Any users with this role assigned will now inherit your custom permission along with any other permissions that role contains.
 add your custom permission to a role

3. If your custom permission does not need to be included within a role or is set to be Exclusive, you can assign this permission on a user by user basis.

    • Select the Active Users tab on the right.
    • Select the user to apply your custom permission.
    • Click on the Edit User button.
    • For exclusive permissions, click on the Roles tab and select your custom permission from the Permissions (Exclusive) list.
    • For non-exclusive permissions, click on the Permissions tab and select your custom permissions from the Permissions (Custom) list at the bottom.
    • Click Save.
 select your custom permission

  Tip - Test your custom permissions!

To ensure that your custom permissions are working as intended, we recommend adding access to your custom permission on a test account. You can then impersonate this account to confirm that your users will be able to see or interact with these objects. Impersonating another account without this custom permission allows you to confirm that it does not have access to do so.

 

Example 1 - Custom Read Permissions on a Custom Tab

In this example, I want to add a custom permission to a custom tab containing Financial Aid Details. I've already created the application scoped tab and have associated my application scoped form of choice with it. I am now ready to add permissions to ensure that only select staff can view this tab.

  1. I click on Database in the top navigation bar, then select User Permissions.
  2. On the right, I select Custom Permissions and click New Custom Permission.
  3. I've determined that I may add this custom permission to a role in the future, so I leave the permission type as non-exclusive and enter the name "Financial Aid Tab Read Only" and click Save.
  4. I navigate back to the Database and select Tabs.
  5. I click on my Financial Aid Details tab to open the popup window and look for the Read Permissions dropdown. I select my custom permission "Financial Aid Tab Read Only" and click Save. I know that I want a separate permission for users to write to this Financial Aid Tab, so I leave the Write Permission dropdown blank for now.

    Read Permissions dropdown

  6. Back within the User Permissions tool, I select a test user of my choice under Active Users, click Edit User and assign my custom permission to them and save my change.
  7. Impersonating this user, I can now confirm that they are able to view my Financial Aid Details tab on an application record.

    view Financial Aid Details tab on an application record

  8. I exit impersonation and repeat the process with another test user that I did not assign my custom permission to, as I want to be sure that others can no longer see this tab.
  9. (Optional) I add this custom permission to a previously created role that will commonly need to view this tab's information. Instead of needing to grant this custom permission to each user separately, I have added it to the role and granted access to multiple users simultaneously.
  10. I document the custom permission I created. Following the criteria, I record:
      • Financial Aid Tab Read Only Custom Permission
        • What: Limiting read access to Financial Aid Tab.
        • Where: Applied to single Financial Aid Tab read permissions.
        • Who: Assigned to Admissions Staff role.

 

Example 2 - Custom Read and Move Permissions on Reader Bins

In this example, I want to build custom permissions for my Undergraduate Review bins. I've determined that some of my staff will need to be able to see these bins but I don't want them to be able to manually move applications within them, so I will need two separate custom permissions. I intend to add these custom permissions to separate roles for easy updates to my reader's permissions year over year. (If your process allows every reader to move applications, you could opt to use a single custom permission for both settings.)

  1. I click on Database in the top navigation bar, then select User Permissions.
  2. On the right side navigation, I select Custom Permissions and click New Custom Permission.
  3. I create two custom permissions using these steps - Undergrad Bins Read and Undergrad Bins Move. I leave the permission type as non-exclusive.
  4. Clicking on the roles link on the right, I create a new role called Undergrad Review Read Only and assign the global Reader permission along with my custom Undergrad Review Read custom permission then click Save.
  5. I create a second role named Undergrad Review Read Move and assign the global Reader permission with both the Undergrad Review Read and Move custom permissions and click Save.

    example2.png

  6. I navigate back to the Database and select Reader Bins. (If you are using the Workflow Editor, select that instead and within your workflow of choice, click on your bin and navigate to the Next Bin and Queue Settings tab.)
  7. I select one of my Undergraduate bins, scroll down to the Custom Read and Custom Move permissions, and set them to my Read and Move custom permissions appropriately.

    create two custom permissions

  8. After clicking save, I repeat this process with each Undergraduate Review bin as needed.
  9. Back within the User Permissions tool, I select a test user of my choice under Active Users, click Edit User and assign my Undergraduate Bins Read Only role to them within the Roles tab, and save my change.
  10. Impersonating this user, I can now confirm that they can view the Undergraduate Review bins but cannot move any applications.
  11. I exit impersonation and repeat the process with another test user that has been assigned the Undergraduate Bins Read Move role. I confirm that not only can this user view the bins, but they can move a test record's application forward throughout my bin structure.
  12. I exit impersonation and repeat the process with another test user that has not been granted either role but has the global Reader permission to ensure that they cannot view any of my Undergraduate Review bins.
  13. I document the custom permissions I've created. Following the criteria, I record:
      •  Undergraduate Bins Read Custom Permission
        • What: Limiting custom read permissions for Undergraduate Review structure.
        • Where: All bins with the Undergraduate Review grouping.
        • Who: Assigned to Undergraduate Review Read Only and Undergraduate Review Read Move roles.
      • Undergraduate Bins Move Custom Permission
        • What: Limiting custom move permissions for Undergraduate Review structure.
        • Where: All bins with the Undergraduate Review grouping.
        • Who: Assigned to Undergraduate Review Read Move role.
Was this article helpful?
1 out of 1 found this helpful